[Dime] DiME ERP - Getting the message flows right




The figures in http://www.ietf.org/rfc/rfc5296.txt are pretty confusing. 

For example, Figure 2 talks about a 'server' rather than saying that this is
the ERP server. 

Figure 3 is even more confusing as it shows a standard EAP exchange but then
has an ER server in there.

  Peer        EAP Authenticator     Local ER Server     Home EAP Server
   ====        =================     ===============     ===============

   <-- EAP-Request/ --
        Identity

   -- EAP Response/-->
        Identity      --AAA(EAP Response/-->
                            Identity)       --AAA(EAP Response/ -->
                                                      Identity,
                                                [DSRK Request,
                                              domain name])

   <------------------------ EAP Method exchange------------------>

                                            <---AAA(MSK, DSRK, ----
                                                   EMSKname,
                                                 EAP-Success)

                       <---  AAA(MSK,  -----
                            EAP-Success)

   <---EAP-Success-----

            Figure 3: Local ERP Exchange, Initial EAP Exchange 

I think that the figures have to look like: 

===================================================================================

   EAP Peer           Diameter EAP Client               EAP Server
   ========           =================                 ==========

    <--- EAP-Request/ ------
            Identity

    ----- EAP Response/ --->
            Identity          ---AAA(EAP Response/Identity)-->

    <--- EAP Method ------->  <------ AAA(EAP Method -------->
           exchange                    exchange)

                              <----AAA(MSK, EAP-Success)------

    <---EAP-Success---------

                       Figure 1: EAP Authentication

[This figure does not have any ERP stuff in there. That does not seem to be
right or at least not relevant then.]


   Peer               Diameter ERP Client                ERP Server
   ====               =============                      ======

    [<-- EAP-Initiate/ -----
        Re-auth-Start]
    [<-- EAP-Request/ ------
        Identity]


    ---- EAP-Initiate/ ----> ----AAA(EAP-Initiate/ ---------->
          Re-auth/                  Re-auth/
         [Bootstrap]              [Bootstrap])

    <--- EAP-Finish/ ------> <---AAA(rMSK,EAP-Finish/---------
          Re-auth/                   Re-auth/
        [Bootstrap]                [Bootstrap])

   Note: [] brackets indicate optionality.

                          Figure 2: ERP Exchange


[New Diameter ERP application in action.]


 Peer        Diameter ERP/EAP      Local EAP Proxy/    Home EAP/ERP
 ====        =====Client======     ===ERP server==     ====Server=====

 <-- EAP-Request/ --
      Identity

 -- EAP Response/-->
      Identity      --AAA(EAP Response/-->
                          Identity)       --AAA(EAP Response/ -->
                                                    Identity,
                                              [DSRK Request,
                                            domain name])

 <------------------------ EAP Method exchange------------------>

                                          <---AAA(MSK, [DSRK, ----
                                                 EMSKname],
                                               EAP-Success)

                     <---  AAA(MSK,  -----
                          EAP-Success)

 <---EAP-Success-----

            Figure 3: Local ERP Exchange, Initial EAP Exchange




[Here we assume that there is some communication going on between the
Diameter EAP proxy and the ERP server in the local network. 
For editorial reasons we do not show the two entities separately but maybe
we should. The same is true for the Diameter EAP server and the ERP server.

Graphically, this could be shown as: 



  Diameter EAP +-------------+   Diameter EAP   +-------------+
               |             |                  |             |
 <------------>| Local       |<---------------->| Home        |
               | Diameter    |                  | Diameter    |
               | EAP Proxy   |                  | EAP Server  |
               |             |                  |             |
               +-------------+                  +-------------+
                      ^                                ^
                   (a)| proprietary        proprietary |(b)
                      v                                v
               +-------------+                  +-------------+
  Diameter ERP |             |    Diameter ERP  |             |
               | Local       |                  |  Home       |
 <------------>| Diameter    |<---------------->|  Diameter   |
               | ERP Server  |                  |  ERP Server |
               |             |                  |             |
               +-------------+                  +-------------+

It might be useful to say what information is exchanged at (a) and (b) and
when in the protocol exchange.

]

   Peer                ER Authenticator            Local ER Server
   ====                ================            ===============

   [<-- EAP-Initiate/ --------
        Re-auth-Start]
   [<-- EAP-Request/ ---------
        Identity]

    ---- EAP-Initiate/ -------> ----AAA(EAP-Initiate/ -------->
          Re-auth                        Re-auth)

    <--- EAP-Finish/ ---------- <---AAA(rMSK,EAP-Finish/-------
          Re-auth                        Re-auth)

                       Figure 4: Local ERP Exchange

[Is this figure from a Diameter ERP routing the same as Figure 2?]


So, I suggest getting the high-level messaging right before starting with the
details.

Ciao
Hannes
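To make the flows in the mail's Figure 3 and Figure 4 concrete, here is an added simulation (not from the post, the draft, or RFC 5296 itself) of what the local EAP proxy/ER server does: it adds the DSRK Request and domain name on the initial exchange, keeps the returned DSRK and EMSKname for itself, forwards only MSK and EAP-Success, and later answers EAP-Initiate/Re-auth locally. The KDF, its label strings, the identities and the key sizes are simplifying assumptions, not the real ERP derivation.

```python
import hashlib
import hmac

def kdf(key, label, length=32):
    # Stand-in KDF (assumption): RFC 5296 uses a PRF+ with fixed label strings;
    # this HMAC-SHA256 truncation only keeps the derivation structure.
    return hmac.new(key, label, hashlib.sha256).digest()[:length]

def run_eap_method(identity):
    # Outcome of the EAP method exchange: peer and home server share MSK/EMSK.
    # Constructed deterministically from the identity so the example is reproducible.
    seed = hashlib.sha256(identity.encode()).digest()
    return kdf(seed, b"MSK"), kdf(seed, b"EMSK")

def derive_dsrk(emsk, domain):
    # Domain-specific root key handed to the local ER server, plus its key name.
    return kdf(emsk, b"DSRK|" + domain.encode()), kdf(emsk, b"EMSKname", 8).hex()

def derive_rmsk(root_key, seq):
    # rRK from the DSRK (local domain), then an rMSK bound to the sequence number.
    rrk = kdf(root_key, b"rRK")
    return kdf(rrk, b"rMSK|" + seq.to_bytes(2, "big"))

class HomeServer:
    """Home EAP/ERP server: terminates the EAP method, answers DSRK requests."""
    def initial_eap(self, identity, dsrk_domain=None):
        msk, emsk = run_eap_method(identity)
        reply = {"MSK": msk, "EAP-Success": True}
        if dsrk_domain:  # [DSRK Request, domain name] was present in the AAA request
            reply["DSRK"], reply["EMSKname"] = derive_dsrk(emsk, dsrk_domain)
        return reply

class LocalERServer:
    """Local EAP proxy / ER server of Figure 3: caches DSRKs by EMSKname."""
    def __init__(self, domain, home):
        self.domain, self.home, self.dsrks = domain, home, {}
    def proxy_initial_eap(self, identity):
        # Add DSRK Request + domain name towards the home server, keep DSRK and
        # EMSKname locally, and forward only AAA(MSK, EAP-Success) downstream.
        reply = self.home.initial_eap(identity, dsrk_domain=self.domain)
        self.dsrks[reply.pop("EMSKname")] = reply.pop("DSRK")
        return reply
    def reauth(self, keyname_nai, seq):
        # EAP-Initiate/Re-auth (Figure 4): served from the cached DSRK, no home trip.
        dsrk = self.dsrks.get(keyname_nai.split("@")[0])
        if dsrk is None:
            return None  # unknown key name: local ERP impossible, bootstrap needed
        return {"rMSK": derive_rmsk(dsrk, seq), "EAP-Finish/Re-auth": True}

def peer_rmsk(identity, domain, seq):
    # Peer side: the same chain EMSK -> DSRK -> rRK -> rMSK from its own EMSK.
    _, emsk = run_eap_method(identity)
    return derive_rmsk(derive_dsrk(emsk, domain)[0], seq)
```

The failure path in `reauth` is the case the mail's question about interfaces (a) and (b) points at: without the DSRK handed over during the initial exchange, the local ER server has nothing to derive an rMSK from.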

